New SSL option to set TLS record version?

I've run across a faulty SSL server implementation that appears to send a "handshake failure" alert if the ClientHello protocol version isn't equal to the TLS record version. In Erlang, different major versions choose the TLS record version differently. None of them are wrong according to the TLS spec, but some of them break when I'm trying to connect to these bad server implementations.

What do you think of adding a new ssl_option like "client_hello_tls_record_version" to let us explicitly set the version to be used? Ideally, it would support values like 'tlsv1', 'tlsv1_2', 'lowest', 'highest', and 'same_as_client_hello', for example.
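The two version fields discussed in the post above, shown on the wire as an added example (not part of the original post and not Erlang/OTP code). The ClientHello bytes are constructed sample data, `pick_record_version` is a hypothetical reading of the proposed option values, and `strict_peer_accepts` only models the server behaviour the post describes.

```python
import struct

# Wire values (major, minor) for the version names used in the post.
VERSIONS = {"tlsv1": (3, 1), "tlsv1_1": (3, 2), "tlsv1_2": (3, 3)}

def build_client_hello(record_version, hello_version):
    """Constructed minimal ClientHello wrapped in a single TLS record."""
    body = bytes(hello_version)           # ClientHello.client_version
    body += bytes(32)                     # random (zeroed: sample data only)
    body += b"\x00"                       # empty session_id
    body += b"\x00\x02\x00\x2f"           # one cipher suite
    body += b"\x01\x00"                   # null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    header = b"\x16" + bytes(record_version) + struct.pack("!H", len(handshake))
    return header + handshake

def parse_versions(record):
    """Return (record_version, client_hello_version) as (major, minor) tuples."""
    if len(record) < 11:
        raise ValueError("too short to hold a ClientHello version")
    ctype, rmaj, rmin, length = struct.unpack("!BBBH", record[:5])
    fragment = record[5:5 + length]
    if ctype != 0x16 or length < 6 or len(fragment) != length or fragment[0] != 0x01:
        raise ValueError("not a complete ClientHello handshake record")
    return (rmaj, rmin), (fragment[4], fragment[5])

def pick_record_version(policy, supported):
    """Hypothetical semantics for the option values proposed in the post."""
    wire = sorted(VERSIONS[name] for name in supported)
    if policy == "lowest":
        return wire[0]
    if policy in ("highest", "same_as_client_hello"):
        return wire[-1]                   # assumes ClientHello offers the highest
    return VERSIONS[policy]               # explicit 'tlsv1', 'tlsv1_2', ...

def strict_peer_accepts(record):
    """Model of the faulty server: reject unless both versions are equal."""
    record_version, hello_version = parse_versions(record)
    return record_version == hello_version

if __name__ == "__main__":
    supported = ["tlsv1", "tlsv1_1", "tlsv1_2"]
    for policy in ("lowest", "same_as_client_hello"):
        rec = build_client_hello(pick_record_version(policy, supported), VERSIONS["tlsv1_2"])
        print(policy, parse_versions(rec), strict_peer_accepts(rec))
```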
